1 /* Set permissions of a file. -*- coding: utf-8 -*-
3 Copyright (C) 2002-2003, 2005-2016 Free Software Foundation, Inc.
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */
24 #include "acl-internal.h"
27 # if ! defined HAVE_ACL_FROM_MODE && defined HAVE_ACL_FROM_TEXT /* FreeBSD, IRIX, Tru64 */
28 # if HAVE_ACL_GET_FILE && !HAVE_ACL_TYPE_EXTENDED
31 acl_from_mode (mode_t mode
)
33 # if HAVE_ACL_FREE_TEXT /* Tru64 */
34 char acl_text
[] = "u::---,g::---,o::---,";
35 # else /* FreeBSD, IRIX */
36 char acl_text
[] = "u::---,g::---,o::---";
39 if (mode
& S_IRUSR
) acl_text
[ 3] = 'r';
40 if (mode
& S_IWUSR
) acl_text
[ 4] = 'w';
41 if (mode
& S_IXUSR
) acl_text
[ 5] = 'x';
42 if (mode
& S_IRGRP
) acl_text
[10] = 'r';
43 if (mode
& S_IWGRP
) acl_text
[11] = 'w';
44 if (mode
& S_IXGRP
) acl_text
[12] = 'x';
45 if (mode
& S_IROTH
) acl_text
[17] = 'r';
46 if (mode
& S_IWOTH
) acl_text
[18] = 'w';
47 if (mode
& S_IXOTH
) acl_text
[19] = 'x';
49 return acl_from_text (acl_text
);
54 # if HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
56 set_acls_from_mode (const char *name
, int desc
, mode_t mode
, bool *must_chmod
)
59 /* Solaris also has a different variant of ACLs, used in ZFS and NFSv4
60 file systems (whereas the other ones are used in UFS file systems). */
62 /* The flags in the ace_t structure changed in a binary incompatible way
63 when ACL_NO_TRIVIAL etc. were introduced in <sys/acl.h> version 1.15.
64 How to distinguish the two conventions at runtime?
65 We fetch the existing ACL. In the old convention, usually three ACEs have
66 a_flags = ACE_OWNER / ACE_GROUP / ACE_OTHER, in the range 0x0100..0x0400.
67 In the new convention, these values are not used. */
71 /* Initially, try to read the entries into a stack-allocated buffer.
72 Use malloc if it does not fit. */
75 alloc_init
= 4000 / sizeof (ace_t
), /* >= 3 */
76 alloc_max
= MIN (INT_MAX
, SIZE_MAX
/ sizeof (ace_t
))
78 ace_t buf
[alloc_init
];
79 size_t alloc
= alloc_init
;
81 ace_t
*malloced
= NULL
;
87 ? facl (desc
, ACE_GETACL
, alloc
, entries
)
88 : acl (name
, ACE_GETACL
, alloc
, entries
));
89 if (count
< 0 && errno
== ENOSPC
)
91 /* Increase the size of the buffer. */
93 if (alloc
> alloc_max
/ 2)
98 alloc
= 2 * alloc
; /* <= alloc_max */
99 entries
= malloced
= (ace_t
*) malloc (alloc
* sizeof (ace_t
));
117 for (i
= 0; i
< count
; i
++)
118 if (entries
[i
].a_flags
& (OLD_ACE_OWNER
| OLD_ACE_GROUP
| OLD_ACE_OTHER
))
135 /* Running on Solaris 10. */
136 entries
[0].a_type
= OLD_ALLOW
;
137 entries
[0].a_flags
= OLD_ACE_OWNER
;
138 entries
[0].a_who
= 0; /* irrelevant */
139 entries
[0].a_access_mask
= (mode
>> 6) & 7;
140 entries
[1].a_type
= OLD_ALLOW
;
141 entries
[1].a_flags
= OLD_ACE_GROUP
;
142 entries
[1].a_who
= 0; /* irrelevant */
143 entries
[1].a_access_mask
= (mode
>> 3) & 7;
144 entries
[2].a_type
= OLD_ALLOW
;
145 entries
[2].a_flags
= OLD_ACE_OTHER
;
146 entries
[2].a_who
= 0;
147 entries
[2].a_access_mask
= mode
& 7;
152 /* Running on Solaris 10 (newer version) or Solaris 11.
153 The details here were found through "/bin/ls -lvd somefiles". */
154 entries
[0].a_type
= NEW_ACE_ACCESS_DENIED_ACE_TYPE
;
155 entries
[0].a_flags
= NEW_ACE_OWNER
;
156 entries
[0].a_who
= 0; /* irrelevant */
157 entries
[0].a_access_mask
= 0;
158 entries
[1].a_type
= NEW_ACE_ACCESS_ALLOWED_ACE_TYPE
;
159 entries
[1].a_flags
= NEW_ACE_OWNER
;
160 entries
[1].a_who
= 0; /* irrelevant */
161 entries
[1].a_access_mask
= NEW_ACE_WRITE_NAMED_ATTRS
162 | NEW_ACE_WRITE_ATTRIBUTES
164 | NEW_ACE_WRITE_OWNER
;
166 entries
[1].a_access_mask
|= NEW_ACE_READ_DATA
;
168 entries
[0].a_access_mask
|= NEW_ACE_READ_DATA
;
170 entries
[1].a_access_mask
|= NEW_ACE_WRITE_DATA
| NEW_ACE_APPEND_DATA
;
172 entries
[0].a_access_mask
|= NEW_ACE_WRITE_DATA
| NEW_ACE_APPEND_DATA
;
174 entries
[1].a_access_mask
|= NEW_ACE_EXECUTE
;
176 entries
[0].a_access_mask
|= NEW_ACE_EXECUTE
;
177 entries
[2].a_type
= NEW_ACE_ACCESS_DENIED_ACE_TYPE
;
178 entries
[2].a_flags
= NEW_ACE_GROUP
| NEW_ACE_IDENTIFIER_GROUP
;
179 entries
[2].a_who
= 0; /* irrelevant */
180 entries
[2].a_access_mask
= 0;
181 entries
[3].a_type
= NEW_ACE_ACCESS_ALLOWED_ACE_TYPE
;
182 entries
[3].a_flags
= NEW_ACE_GROUP
| NEW_ACE_IDENTIFIER_GROUP
;
183 entries
[3].a_who
= 0; /* irrelevant */
184 entries
[3].a_access_mask
= 0;
186 entries
[3].a_access_mask
|= NEW_ACE_READ_DATA
;
188 entries
[2].a_access_mask
|= NEW_ACE_READ_DATA
;
190 entries
[3].a_access_mask
|= NEW_ACE_WRITE_DATA
| NEW_ACE_APPEND_DATA
;
192 entries
[2].a_access_mask
|= NEW_ACE_WRITE_DATA
| NEW_ACE_APPEND_DATA
;
194 entries
[3].a_access_mask
|= NEW_ACE_EXECUTE
;
196 entries
[2].a_access_mask
|= NEW_ACE_EXECUTE
;
197 entries
[4].a_type
= NEW_ACE_ACCESS_DENIED_ACE_TYPE
;
198 entries
[4].a_flags
= NEW_ACE_EVERYONE
;
199 entries
[4].a_who
= 0;
200 entries
[4].a_access_mask
= NEW_ACE_WRITE_NAMED_ATTRS
201 | NEW_ACE_WRITE_ATTRIBUTES
203 | NEW_ACE_WRITE_OWNER
;
204 entries
[5].a_type
= NEW_ACE_ACCESS_ALLOWED_ACE_TYPE
;
205 entries
[5].a_flags
= NEW_ACE_EVERYONE
;
206 entries
[5].a_who
= 0;
207 entries
[5].a_access_mask
= NEW_ACE_READ_NAMED_ATTRS
208 | NEW_ACE_READ_ATTRIBUTES
210 | NEW_ACE_SYNCHRONIZE
;
212 entries
[5].a_access_mask
|= NEW_ACE_READ_DATA
;
214 entries
[4].a_access_mask
|= NEW_ACE_READ_DATA
;
216 entries
[5].a_access_mask
|= NEW_ACE_WRITE_DATA
| NEW_ACE_APPEND_DATA
;
218 entries
[4].a_access_mask
|= NEW_ACE_WRITE_DATA
| NEW_ACE_APPEND_DATA
;
220 entries
[5].a_access_mask
|= NEW_ACE_EXECUTE
;
222 entries
[4].a_access_mask
|= NEW_ACE_EXECUTE
;
226 ret
= facl (desc
, ACE_SETACL
, count
, entries
);
228 ret
= acl (name
, ACE_SETACL
, count
, entries
);
229 if (ret
< 0 && errno
!= EINVAL
&& errno
!= ENOTSUP
)
247 entries
[0].a_type
= USER_OBJ
;
248 entries
[0].a_id
= 0; /* irrelevant */
249 entries
[0].a_perm
= (mode
>> 6) & 7;
250 entries
[1].a_type
= GROUP_OBJ
;
251 entries
[1].a_id
= 0; /* irrelevant */
252 entries
[1].a_perm
= (mode
>> 3) & 7;
253 entries
[2].a_type
= OTHER_OBJ
;
255 entries
[2].a_perm
= mode
& 7;
258 ret
= facl (desc
, SETACL
,
259 sizeof (entries
) / sizeof (aclent_t
), entries
);
261 ret
= acl (name
, SETACL
,
262 sizeof (entries
) / sizeof (aclent_t
), entries
);
265 if (errno
== ENOSYS
|| errno
== EOPNOTSUPP
)
275 # elif HAVE_GETACL /* HP-UX */
277 context_acl_from_mode (struct permission_context
*ctx
, const char *name
, int desc
)
283 ret
= fstat (desc
, &statbuf
);
285 ret
= stat (name
, &statbuf
);
289 ctx
->entries
[0].uid
= statbuf
.st_uid
;
290 ctx
->entries
[0].gid
= ACL_NSGROUP
;
291 ctx
->entries
[0].mode
= (ctx
->mode
>> 6) & 7;
292 ctx
->entries
[1].uid
= ACL_NSUSER
;
293 ctx
->entries
[1].gid
= statbuf
.st_gid
;
294 ctx
->entries
[1].mode
= (ctx
->mode
>> 3) & 7;
295 ctx
->entries
[2].uid
= ACL_NSUSER
;
296 ctx
->entries
[2].gid
= ACL_NSGROUP
;
297 ctx
->entries
[2].mode
= ctx
->mode
& 7;
302 # if HAVE_ACLV_H /* HP-UX >= 11.11 */
304 context_aclv_from_mode (struct permission_context
*ctx
)
308 ctx
->aclv_entries
[0].a_type
= USER_OBJ
;
309 ctx
->aclv_entries
[0].a_id
= 0; /* irrelevant */
310 ctx
->aclv_entries
[0].a_perm
= (ctx
->mode
>> 6) & 7;
311 ctx
->aclv_entries
[1].a_type
= GROUP_OBJ
;
312 ctx
->aclv_entries
[1].a_id
= 0; /* irrelevant */
313 ctx
->aclv_entries
[1].a_perm
= (ctx
->mode
>> 3) & 7;
314 ctx
->aclv_entries
[2].a_type
= CLASS_OBJ
;
315 ctx
->aclv_entries
[2].a_id
= 0;
316 ctx
->aclv_entries
[2].a_perm
= (ctx
->mode
>> 3) & 7;
317 ctx
->aclv_entries
[3].a_type
= OTHER_OBJ
;
318 ctx
->aclv_entries
[3].a_id
= 0;
319 ctx
->aclv_entries
[3].a_perm
= ctx
->mode
& 7;
322 ret
= aclsort (ctx
->aclv_count
, 1, ctx
->aclv_entries
);
329 # elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */
331 set_acls_from_mode (const char *name
, int desc
, mode_t mode
, bool *must_chmod
)
333 acl_type_list_t types
;
334 size_t types_size
= sizeof (types
);
337 if (aclx_gettypes (name
, &types
, &types_size
) < 0
338 || types
.num_entries
== 0)
344 /* XXX Do we need to clear all types of ACLs for the given file, or is it
345 sufficient to clear the first one? */
346 type
= types
.entries
[0];
347 if (type
.u64
== ACL_AIXC
)
349 union { struct acl a
; char room
[128]; } u
;
352 u
.a
.acl_len
= (char *) &u
.a
.acl_ext
[0] - (char *) &u
.a
; /* no entries */
353 u
.a
.acl_mode
= mode
& ~(S_IXACL
| 0777);
354 u
.a
.u_access
= (mode
>> 6) & 7;
355 u
.a
.g_access
= (mode
>> 3) & 7;
356 u
.a
.o_access
= mode
& 7;
359 ret
= aclx_fput (desc
, SET_ACL
| SET_MODE_S_BITS
,
360 type
, &u
.a
, u
.a
.acl_len
, mode
);
362 ret
= aclx_put (name
, SET_ACL
| SET_MODE_S_BITS
,
363 type
, &u
.a
, u
.a
.acl_len
, mode
);
364 if (!(ret
< 0 && errno
== ENOSYS
))
367 else if (type
.u64
== ACL_NFS4
)
369 union { nfs4_acl_int_t a
; char room
[128]; } u
;
373 u
.a
.aclVersion
= NFS4_ACL_INT_STRUCT_VERSION
;
375 ace
= &u
.a
.aclEntry
[0];
377 ace
->flags
= ACE4_ID_SPECIAL
;
378 ace
->aceWho
.special_whoid
= ACE4_WHO_OWNER
;
379 ace
->aceType
= ACE4_ACCESS_ALLOWED_ACE_TYPE
;
382 (mode
& 0400 ? ACE4_READ_DATA
| ACE4_LIST_DIRECTORY
: 0)
384 ? ACE4_WRITE_DATA
| ACE4_ADD_FILE
| ACE4_APPEND_DATA
385 | ACE4_ADD_SUBDIRECTORY
387 | (mode
& 0100 ? ACE4_EXECUTE
: 0);
388 ace
->aceWhoString
[0] = '\0';
389 ace
->entryLen
= (char *) &ace
->aceWhoString
[4] - (char *) ace
;
390 ace
= (nfs4_ace_int_t
*) (char *) &ace
->aceWhoString
[4];
394 ace
->flags
= ACE4_ID_SPECIAL
;
395 ace
->aceWho
.special_whoid
= ACE4_WHO_GROUP
;
396 ace
->aceType
= ACE4_ACCESS_ALLOWED_ACE_TYPE
;
399 (mode
& 0040 ? ACE4_READ_DATA
| ACE4_LIST_DIRECTORY
: 0)
401 ? ACE4_WRITE_DATA
| ACE4_ADD_FILE
| ACE4_APPEND_DATA
402 | ACE4_ADD_SUBDIRECTORY
404 | (mode
& 0010 ? ACE4_EXECUTE
: 0);
405 ace
->aceWhoString
[0] = '\0';
406 ace
->entryLen
= (char *) &ace
->aceWhoString
[4] - (char *) ace
;
407 ace
= (nfs4_ace_int_t
*) (char *) &ace
->aceWhoString
[4];
411 ace
->flags
= ACE4_ID_SPECIAL
;
412 ace
->aceWho
.special_whoid
= ACE4_WHO_EVERYONE
;
413 ace
->aceType
= ACE4_ACCESS_ALLOWED_ACE_TYPE
;
416 (mode
& 0004 ? ACE4_READ_DATA
| ACE4_LIST_DIRECTORY
: 0)
418 ? ACE4_WRITE_DATA
| ACE4_ADD_FILE
| ACE4_APPEND_DATA
419 | ACE4_ADD_SUBDIRECTORY
421 | (mode
& 0001 ? ACE4_EXECUTE
: 0);
422 ace
->aceWhoString
[0] = '\0';
423 ace
->entryLen
= (char *) &ace
->aceWhoString
[4] - (char *) ace
;
424 ace
= (nfs4_ace_int_t
*) (char *) &ace
->aceWhoString
[4];
427 u
.a
.aclLength
= (char *) ace
- (char *) &u
.a
;
430 ret
= aclx_fput (desc
, SET_ACL
| SET_MODE_S_BITS
,
431 type
, &u
.a
, u
.a
.aclLength
, mode
);
433 ret
= aclx_put (name
, SET_ACL
| SET_MODE_S_BITS
,
434 type
, &u
.a
, u
.a
.aclLength
, mode
);
435 if (!(ret
< 0 && errno
== ENOSYS
))
443 # elif HAVE_STATACL /* older AIX */
445 context_acl_from_mode (struct permission_context
*ctx
)
447 ctx
->u
.a
.acl_len
= (char *) &ctx
->u
.a
.acl_ext
[0] - (char *) &ctx
->u
.a
; /* no entries */
448 ctx
->u
.a
.acl_mode
= ctx
->mode
& ~(S_IXACL
| 0777);
449 ctx
->u
.a
.u_access
= (ctx
->mode
>> 6) & 7;
450 ctx
->u
.a
.g_access
= (ctx
->mode
>> 3) & 7;
451 ctx
->u
.a
.o_access
= ctx
->mode
& 7;
456 # elif HAVE_ACLSORT /* NonStop Kernel */
458 context_acl_from_mode (struct permission_context
*ctx
)
462 ctx
->entries
[0].a_type
= USER_OBJ
;
463 ctx
->entries
[0].a_id
= 0; /* irrelevant */
464 ctx
->entries
[0].a_perm
= (ctx
->mode
>> 6) & 7;
465 ctx
->entries
[1].a_type
= GROUP_OBJ
;
466 ctx
->entries
[1].a_id
= 0; /* irrelevant */
467 ctx
->entries
[1].a_perm
= (ctx
->mode
>> 3) & 7;
468 ctx
->entries
[2].a_type
= CLASS_OBJ
;
469 ctx
->entries
[2].a_id
= 0;
470 ctx
->entries
[2].a_perm
= (ctx
->mode
>> 3) & 7;
471 ctx
->entries
[3].a_type
= OTHER_OBJ
;
472 ctx
->entries
[3].a_id
= 0;
473 ctx
->entries
[3].a_perm
= ctx
->mode
& 7;
476 ret
= aclsort (ctx
->count
, 1, entries
);
484 set_acls (struct permission_context
*ctx
, const char *name
, int desc
,
485 int from_mode
, bool *must_chmod
, bool *acls_set
)
489 # if HAVE_ACL_GET_FILE
490 /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */
491 /* Linux, FreeBSD, Mac OS X, IRIX, Tru64 */
492 # if !HAVE_ACL_TYPE_EXTENDED
493 /* Linux, FreeBSD, IRIX, Tru64 */
495 # ifndef HAVE_ACL_FROM_TEXT
496 # error Must have acl_from_text (see POSIX 1003.1e draft 17).
498 # ifndef HAVE_ACL_DELETE_DEF_FILE
499 # error Must have acl_delete_def_file (see POSIX 1003.1e draft 17).
502 if (! ctx
->acls_not_supported
)
504 if (ret
== 0 && from_mode
)
508 ctx
->acl
= acl_from_mode (ctx
->mode
);
509 if (ctx
->acl
== NULL
)
513 if (ret
== 0 && ctx
->acl
)
515 if (HAVE_ACL_SET_FD
&& desc
!= -1)
516 ret
= acl_set_fd (desc
, ctx
->acl
);
518 ret
= acl_set_file (name
, ACL_TYPE_ACCESS
, ctx
->acl
);
521 if (! acl_errno_valid (errno
))
523 ctx
->acls_not_supported
= true;
524 if (from_mode
|| acl_access_nontrivial (ctx
->acl
) == 0)
531 if (S_ISDIR(ctx
->mode
))
533 if (! from_mode
&& ctx
->default_acl
&&
534 acl_default_nontrivial (ctx
->default_acl
))
535 ret
= acl_set_file (name
, ACL_TYPE_DEFAULT
,
538 ret
= acl_delete_def_file (name
);
544 # if HAVE_ACL_TYPE_NFS4 /* FreeBSD */
546 /* File systems either support POSIX ACLs (for example, ufs) or NFS4 ACLs
547 (for example, zfs). */
549 /* TODO: Implement setting ACLs once get_permissions() reads them. */
553 # else /* HAVE_ACL_TYPE_EXTENDED */
556 /* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS)
557 and acl_get_file (name, ACL_TYPE_DEFAULT)
558 always return NULL / EINVAL. You have to use
559 acl_get_file (name, ACL_TYPE_EXTENDED)
560 or acl_get_fd (open (name, ...))
563 acl_set_file (name, ACL_TYPE_ACCESS, acl)
564 and acl_set_file (name, ACL_TYPE_DEFAULT, acl)
565 have the same effect as
566 acl_set_file (name, ACL_TYPE_EXTENDED, acl):
567 Each of these calls sets the file's ACL. */
569 if (ctx
->acl
== NULL
)
573 /* Remove ACLs if the file has ACLs. */
574 if (HAVE_ACL_GET_FD
&& desc
!= -1)
575 acl
= acl_get_fd (desc
);
577 acl
= acl_get_file (name
, ACL_TYPE_EXTENDED
);
585 if (HAVE_ACL_SET_FD
&& desc
!= -1)
586 ret
= acl_set_fd (desc
, acl
);
588 ret
= acl_set_file (name
, ACL_TYPE_EXTENDED
, acl
);
597 if (HAVE_ACL_SET_FD
&& desc
!= -1)
598 ret
= acl_set_fd (desc
, ctx
->acl
);
600 ret
= acl_set_file (name
, ACL_TYPE_EXTENDED
, ctx
->acl
);
603 if (! acl_errno_valid (errno
)
604 && ! acl_extended_nontrivial (ctx
->acl
))
612 # elif defined GETACL /* Solaris, Cygwin, not HP-UX */
614 /* Solaris 2.5 through Solaris 10, Cygwin, and contemporaneous versions
615 of Unixware. The acl() call returns the access and default ACL both
618 /* If both ace_entries and entries are available, try SETACL before
619 ACE_SETACL, because SETACL cannot fail with ENOTSUP whereas ACE_SETACL
623 return set_acls_from_mode (name
, desc
, ctx
->mode
, must_chmod
);
625 if (ret
== 0 && ctx
->count
)
628 ret
= facl (desc
, SETACL
, ctx
->count
, ctx
->entries
);
630 ret
= acl (name
, SETACL
, ctx
->count
, ctx
->entries
);
633 if ((errno
== ENOSYS
|| errno
== EOPNOTSUPP
|| errno
== EINVAL
)
634 && acl_nontrivial (ctx
->count
, ctx
->entries
) == 0)
642 if (ret
== 0 && ctx
->ace_count
)
645 ret
= facl (desc
, ACE_SETACL
, ctx
->ace_count
, ctx
->ace_entries
);
647 ret
= acl (name
, ACE_SETACL
, ctx
->ace_count
, ctx
->ace_entries
);
650 if ((errno
== ENOSYS
|| errno
== EINVAL
|| errno
== ENOTSUP
)
651 && acl_ace_nontrivial (ctx
->ace_count
, ctx
->ace_entries
) == 0)
659 # elif HAVE_GETACL /* HP-UX */
662 ret
= context_acl_from_mode (ctx
, name
, desc
);
664 if (ret
== 0 && ctx
->count
> 0)
667 ret
= fsetacl (desc
, ctx
->count
, ctx
->entries
);
669 ret
= setacl (name
, ctx
->count
, ctx
->entries
);
672 if ((errno
== ENOSYS
|| errno
== EOPNOTSUPP
|| errno
== ENOTSUP
)
673 && (from_mode
|| !acl_nontrivial (ctx
->count
, ctx
->entries
)))
682 ret
= context_aclv_from_mode (ctx
);
684 if (ret
== 0 && ctx
->aclv_count
> 0)
686 ret
= acl ((char *) name
, ACL_SET
, ctx
->aclv_count
, ctx
->aclv_entries
);
689 if ((errno
== ENOSYS
|| errno
== EOPNOTSUPP
|| errno
== EINVAL
)
690 && (from_mode
|| !aclv_nontrivial (ctx
->aclv_count
, ctx
->aclv_entries
)))
698 # elif HAVE_ACLX_GET && ACL_AIX_WIP /* AIX */
700 /* TODO: Implement setting ACLs once get_permissions() reads them. */
703 ret
= set_acls_from_mode (name
, desc
, mode
, must_chmod
);
705 # elif HAVE_STATACL /* older AIX */
708 ret
= context_acl_from_mode (ctx
);
710 if (ret
== 0 && ctx
->have_u
)
713 ret
= fchacl (desc
, &ctx
->u
.a
, ctx
->u
.a
.acl_len
);
715 ret
= chacl ((char *) name
, &ctx
->u
.a
, ctx
->u
.a
.acl_len
);
718 if (errno
== ENOSYS
&& from_mode
)
725 # elif HAVE_ACLSORT /* NonStop Kernel */
728 ret
= context_acl_from_mode (ctx
);
730 if (ret
== 0 && ctx
->count
)
732 ret
= acl ((char *) name
, ACL_SET
, ctx
->count
, ctx
->entries
);
735 if (!acl_nontrivial (ctx
->count
, ctx
->entries
))
752 /* If DESC is a valid file descriptor use fchmod to change the
753 file's mode to MODE on systems that have fchmod. On systems
754 that don't have fchmod and if DESC is invalid, use chmod on
756 Return 0 if successful. Return -1 and set errno upon failure. */
759 chmod_or_fchmod (const char *name
, int desc
, mode_t mode
)
761 if (HAVE_FCHMOD
&& desc
!= -1)
762 return fchmod (desc
, mode
);
764 return chmod (name
, mode
);
767 /* Set the permissions in CTX on a file. If DESC is a valid file descriptor,
768 use file descriptor operations, else use filename based operations on NAME.
769 If access control lists are not available, fchmod the target file to the
770 mode in CTX. Also sets the non-permission bits of the destination file
771 (S_ISUID, S_ISGID, S_ISVTX) to those from the mode in CTX if any are set.
772 Return 0 if successful. Return -1 and set errno upon failure. */
775 set_permissions (struct permission_context
*ctx
, const char *name
, int desc
)
777 bool acls_set _GL_UNUSED
= false;
779 bool must_chmod
= false;
785 /* There is no need to call chmod_or_fchmod, since the mode
786 bits S_ISUID, S_ISGID, S_ISVTX are also stored in the ACL. */
790 /* All other platforms */
791 /* On Cygwin, it is necessary to call chmod before acl, because
792 chmod can change the contents of the ACL (in ways that don't
793 change the allowed accesses, but still visible). */
795 early_chmod
= (! MODE_INSIDE_ACL
|| (ctx
->mode
& (S_ISUID
| S_ISGID
| S_ISVTX
)));
805 ret
= chmod_or_fchmod (name
, desc
, ctx
->mode
);
811 ret
= set_acls (ctx
, name
, desc
, false, &must_chmod
, &acls_set
);
814 int saved_errno
= ret
? errno
: 0;
816 /* If we can't set an acl which we expect to be able to set, try setting
817 the permissions to ctx->mode. Due to possible inherited permissions,
818 we cannot simply chmod. */
820 ret
= set_acls (ctx
, name
, desc
, true, &must_chmod
, &acls_set
);
832 if (must_chmod
&& ! early_chmod
)
834 int saved_errno
= ret
? errno
: 0;
836 ret
= chmod_or_fchmod (name
, desc
, ctx
->mode
);